CVE-2019-19340
published 2019-12-19CVE-2019-19340: A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e…
high8.2CVSS 3.1
AVNACLPRNUINSUCHINAL
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | tower | — | — |
| red_hat | tower | — | — |
| redhat | ansible_tower | >= 3.5.0 < 3.5.3 | 3.5.3 |
| redhat | ansible_tower | >= 3.6.0 < 3.6.2 | 3.6.2 |
| redhat | enterprise_linux | — | — |